Paper 2025/268

πœ”(1/πœ†)-Rate Boolean Garbling Scheme from Generic Groups

Geoffroy Couteau, CNRS, UniversitΓ© Paris CitΓ©
Carmit Hazay, Bar-Ilan University
Aditya Hegde, Johns Hopkins University
Naman Kumar, Oregon State University
Abstract

Garbling schemes are a fundamental cryptographic tool for enabling private computations and ensuring that nothing leaks beyond the output. As a widely studied primitive, significant efforts have been made to reduce their size. Until recently, all such schemes followed the Lindell and Pinkas paradigm for Boolean circuits (JoC 2009), where each gate is represented as a set of ciphertexts computed using only symmetric-key primitives. However, this approach is inherently limited to 𝑂(πœ†) bits per gate, where πœ† is the security parameter. Recently, it has been shown that achieving smaller garbled circuit size is possible under stronger assumptions, such as variants of Learning with Errors (LWE) or Indistinguishability Obfuscation (iO). In addition to requiring high-end cryptography, none of these constructions is black-box in the underlying cryptographic primitives, a key advantage of prior work. In this paper, we present the first approach to garbling Boolean circuits that makes a black-box use of a group and uses π‘œ(πœ†) bits per gate. Building on a novel application of the Reverse Multiplication-Friendly Embeddings (RMFE) paradigm (Cascudo et al., CRYPTO 2018), We introduce a new packing mechanism for garbling schemes, that packs boolean values into integers and leverage techniques for arithmetic garbling over integer rings. Our results introduce two new succinct schemes that achieve improved rates by a factor of√︁ log πœ†, retaining the black-box usage. (1) Our first scheme is proven in the Generic Group model (GGM) for circuits with Ξ©(√︁ log πœ†) width, obtaining a garbled circuit size of πœ† Β· |C|/√︁ log(πœ†). (2) Our second scheme is proven in the plain model under the Power-DDH assumption, attaining a garbled circuit size of πœ† Β· (|C|/√︁ log(πœ†) + poly(πœ†) Β· depth(C), but is restricted to layered circuits. Our schemes are the first to achieve sublinear (in πœ†) cost per gate under assumptions that do not imply fully homomorphic encryption; in addition, our scheme is also the first to achieve this while making a black-box use of cryptography.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
garbled circuitgarbling schemegeneric group modelpower-DDH
Contact author(s)
couteau @ irif fr
carmit hazay @ biu ac il
ahegde3 @ jhu edu
kumarnam @ oregonstate edu
History
2025-02-18: approved
2025-02-18: received
See all versions
Short URL
https://ia.cr/2025/268
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2025/268,
      author = {Geoffroy Couteau and Carmit Hazay and Aditya Hegde and Naman Kumar},
      title = {πœ”(1/πœ†)-Rate Boolean Garbling Scheme from Generic Groups},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/268},
      year = {2025},
      url = {https://eprint.iacr.org/2025/268}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.